Modifying data using INSERT, UPDATE, and DELETE

You can perform SQL data modification using the execute method of a PreparedStatement. A PreparedStatement queries the database
with a user-defined SQL statement.

When applying a SQL statement to a PreparedStatement, query parameters are indicated by the ? character. For any INSERT, UPDATE, or DELETE statement, each ? parameter is referenced according to its ordinal position in the statement. For example, the first ? is referenced as parameter one, and the second as parameter two.

Concatenation is recommended over host variables when writing SQL statements that only need to be executed once. The following
example demonstrates a row insertion method that uses concatenation to execute SQL statements: